It’s a crypto-minefield out there.

Buzzwords of the 21st century. They come; some go – some stay. Example of the latter: synergy. Remember that one? It used to be bandied about in practically every business presentation given some 15 years ago (apart from mine; no thank you!). And do you recall the Y2K bug? Oh my goodness – that was 18 years ago already :). That too came and went (after having turned out to be much ado about nothing). Out of those that come and stay, there’s… hmmm… leverage, wellness, proactive, paradigm… But I digress.

Not all buzzwords are silly/nonsense/marketing hype/investor-and-consumer deceiving… sophistry (is that a buzzword? Sure sounds it, but…:). Blockchain is one example. For example, our business incubator is nurturing several blockchain ideas that will change the world for the better in their niches.


But that’s not what this post is about. Today I want to share my thoughts on the influence of cryptocurrencies on global cybersecurity and how we help users protect themselves from new threats. I’ll also fantasize a little about the future of free internet services and options for monetization of software.

Cryptocurrencies have been the lifeblood of cybercrime for several years already. Indeed, laundering loot stolen with banking Trojans and ransomware is much safer using cryptocurrencies, since they’re hard to trace. Spammers, hackers, chancers and other cybercriminals are raking in enormous sums from their victims. Specialized botnets stealthily employ (half a million!) home computers, smartphones or servers, and infiltrate supply chains and business software. Last year web mining skyrocketed – scripts that unnoticeably mine cryptocurrencies via a browser when it visits certain websites. Ok, I think you get the picture: the diagnosis is rather alarming; but the prognosis looks even worse. Cybercrime has found in cryptocurrencies a second wind – inspiration for new methods of bad-old robbing folk.

Not that we’re sitting on our hands while all this is going on: we detect and clean up all this crypto-maliciousness. Last year our products prevented 70 million attempts to launch web miners, and protected some 10 million users from various types of mining attacks.

So yes, these days you really do have to watch out for miners, extortionists, spammers and other newly-minted cyberbaddies – not let them swindle you; and that includes by using good protection. We’re closely following the developing situation and are developing new technologies so that users can sleep soundly.

So what does the future hold? How will the cyberthreat landscape change under the influence of cryptocurrencies? How will cryptominers develop, and how will they affect the IT industry?

First (and we’ve already been witnessing this), the cybercrims’ focus will move away from blatant, harsh attacks on users like hacking online banking or encrypting data and then seeking a ransom. Such methods are rather difficult, dangerous, and actually not that effective. Victims get understandably riled, call the police, and experts find a vulnerability in the crypto-algorithm and write a decryptor. In any case an attack is quickly discovered, and there’s no guarantee it brings sufficient profit. All of that means that the cyber-scum will switch to less risky strategies – to mine home computers on the quiet to guarantee slower – but much safer – criminal incomes. Example: The Smominru botnet earned ~$3 million in eight months for its operators.

Second (and this looks to be the most unpleasant thing on the horizon), miners will for sure start to look beyond mere home computers, corporate servers and malicious scripts on websites. Not that they need look far – there’s the whole vulnerable internet of things for them to feast on: IP cameras, smart-homes, fridges, vacuum cleaners, coffee machines and the rest. They’re much easier to recruit into botnets because their security is often frightfully lame as it’s a mere afterthought in the ever-rushed design-to-market race (they also get updated slower generally). And many users still haven’t cracked decent hygiene for the internet of things since there aren’t any special security solutions for it. The Mirai and BrickerBot botnets demonstrated this perfectly: so-called ‘smart’ devices are easy prey since users don’t think about their security.

Third, miners are starting a process of legalization – they’ll creep into both the gray and white zones. In the small print in the licensing agreement (or in a pop-up in the interface), the product will inform the user that it will take a small bite of processor power as payment. Software, hardware, web services, media content – practically everything on the internet can be monetized through the use of mining. The bizarre bit is that everyone will be on for it: users get what they think are ‘free’ products, while the manufacturers just keep counting the money. And should computers be slowed down, it’ll be easy to keep on blaming Windows or the antivirus :).

In closing, I’ll first answer the inevitable question from some of you: No, we aren’t planning on adding miners to our free products (including Kaspersky FREE) – or our paid-for products: none of them! We’re just gonna keep on protecting you, no matter what, as we’ve always done.


Muhammad Ali

Thank you very much Mr. Eugene Kaspersky for your post. Your post, after reading it, gave me lots of answers, perhaps including to what I asked you before. I understand the message you gave in between the lines.

Muhammad Ali

Jonathan

Thank you for being one step ahead of cryptomining malware. I was once browsing USA Today’s website and KAV 2018’s Web Anti-Virus component detected a mining script. I decided to look it up myself by hitting F12 Developer tools and I found the offending script.

It seems that cybercrooks have found ransomware to get less and less lucrative, so they hone their focus on mining scripts. I hope Kaspersky AV has taken into consideration a scenario where a cryptomining script has implemented “pulse width modification”, where it will sleep at some times to evade detection and not raise CPU usage that much, so as not to raise suspicion, as most known cryptomining scripts rely on raising CPU usage immediately.
